Try our new research platform with insights from 80,000+ expert users

Cortex XDR by Palo Alto Networks vs ThreatLocker Zero Trust Endpoint Protection Platform comparison

Palo Alto Networks and ThreatLocker are both solutions in the Endpoint Protection Platform (EPP) category. Palo Alto Networks is ranked #4 with an average rating of 8.7, while ThreatLocker is ranked #10 with an average rating of 9.1. Palo Alto Networks holds a 4.0% mindshare in EPP, compared to ThreatLocker’s 0.7% mindshare. Additionally, 95% of Palo Alto Networks users are willing to recommend the solution, compared to 97% of ThreatLocker users who would recommend it.
Cortex XDR by Palo Alto Net...
Read 90 Cortex XDR by Palo Alto Networks reviews
  • 16,556 Views
  • 9,737 Comparison Views
95% willing to recommend
ThreatLocker Zero Trust End...
Read 39 ThreatLocker Zero Trust Endpoint Protection Platform reviews
  • 2,418 Views
  • 1,622 Comparison Views
97% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Mar 23, 2025

Cortex XDR and ThreatLocker Zero Trust Endpoint Protection both compete in the endpoint security category. ThreatLocker seems to have an advantage due to its more competitive pricing and faster customer support.

Features: Cortex XDR offers advanced detection capabilities, endpoint security, and Wildfire AI integration. Its multi-layered approach provides robust malware protection. ThreatLocker focuses on application allowlisting, ring-fencing, and zero-trust environment creation, offering granular control over software execution.

Room for Improvement: Cortex XDR users mention issues with Windows and Mac functionality, resource consumption, and a complex initial setup. ThreatLocker users note network saturation challenges, user interface navigation difficulties, and complex setup processes.

Ease of Deployment and Customer Service: Cortex XDR supports various cloud environments but faces variability in technical support, which can be slow for complex issues. ThreatLocker provides consistent support across environments with fast response times and knowledgeable staff, often praised for efficient interactions.

Pricing and ROI: Cortex XDR is considered expensive, but some users find its feature set justifies the cost, leading to reduced operational expenses. ThreatLocker offers more competitive pricing, seen as offering good value and contributing to cost savings by reducing software redundancies and administrative efforts.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Cortex XDR by Palo Alto Networks vs. ThreatLocker Zero Trust Endpoint Protection Platform Report (Updated: February 2025).
Buyer's Guide
Cortex XDR by Palo Alto Networks vs. ThreatLocker Zero Trust Endpoint Protection Platform
February 2025
Download the complete report
Helped 842,466 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.7
Organizations see reduced incidents, cost savings, and improved security with Cortex XDR, enhancing compliance and user satisfaction.
Sentiment score
8.1
ThreatLocker Platform boosts security, blocks ransomware, enhances control, and ensures swift value, reducing overhead for increased productivity and revenue.
They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.
For more quotes and insights, download the Cortex XDR by Palo Alto Networks report
If something were to happen without ThreatLocker, the cost would be huge, and thus, having it is definitely worth it.
The main return on investment is peace of mind, knowing that with ThreatLocker on any endpoint, it will almost always block all malicious code or exploits, even zero-day exploits.
It keeps malware, Trojans, and ransomware at bay.
For more quotes and insights, download the ThreatLocker Zero Trust Endpoint Protection Platform report
EC
DL
LS
Johnathan Bodily - PeerSpot reviewer
 

Customer Service

Sentiment score
6.6
Cortex XDR's customer service is mixed, praised for efficiency but criticized for slow response and high costs in some areas.
Sentiment score
8.8
ThreatLocker Zero Trust offers rapid support, with knowledgeable representatives providing efficient, real-time assistance and commendable Cyber Hero service.
Every vendor has similar support; it depends on how the case is handled and raised.
Their support is efficient and responsive whenever I raise a ticket through my portal.
For more quotes and insights, download the Cortex XDR by Palo Alto Networks report
They have been very responsive, helpful, and knowledgeable.
I would rate their customer support a ten out of ten.
Their support is world-class.
For more quotes and insights, download the ThreatLocker Zero Trust Endpoint Protection Platform report
EC
NiteshSharma - PeerSpot reviewerreviewer2665902 - PeerSpot reviewer
RH
CL
 

Scalability Issues

Sentiment score
7.6
Cortex XDR excels in scalability, supporting diverse organizations with seamless cloud management and efficient deployment across various environments.
Sentiment score
8.2
ThreatLocker offers scalable zero trust protection, easily deploying across endpoints, adapting efficiently to organizations' evolving security needs.
No quotes available
For more quotes and insights, download the Cortex XDR by Palo Alto Networks report
I started off with just the servers, and within a month and a half, I set up the entire company with ThreatLocker.
It seems to primarily operate on the endpoints rather than at a central location pushing out policies.
I would rate it a ten out of ten for scalability.
For more quotes and insights, download the ThreatLocker Zero Trust Endpoint Protection Platform report
Johnathan Bodily - PeerSpot reviewerreviewer2665902 - PeerSpot reviewer
LS
 

Stability Issues

Sentiment score
8.1
Cortex XDR is stable and reliable, with improved performance over time, despite occasional database challenges and false alerts.
Sentiment score
7.5
ThreatLocker Zero Trust Platform offers stable, reliable service with minor issues, excellent integration, and responsive support, enhancing dependability.
Cortex XDR is stable, offering high quality and reliable performance.
For more quotes and insights, download the Cortex XDR by Palo Alto Networks report
For five years, we have not had a problem.
Once deployed, it downloads the policies locally, so even if the computer doesn't have internet, it doesn't matter.
It has been very stable, reliable, and accessible.
For more quotes and insights, download the ThreatLocker Zero Trust Endpoint Protection Platform report
EC
CL
RN
JA
 

Room For Improvement

Cortex XDR requires enhancements in customization, integration, efficiency, threat detection, pricing, and support to address enterprise challenges.
ThreatLocker can enhance with flexible training, improved network management, user interface updates, optimized logging, and increased application support.
The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products.
Cortex XDR could improve its sales support team, including better commission structures and referral programs.
For more quotes and insights, download the Cortex XDR by Palo Alto Networks report
Controlling the cloud environment, not just endpoints, is crucial.
This is problematic when immediate attention is needed.
Comprehensive 24-hour log monitoring is a valuable enhancement for both business and enterprise-level users.
For more quotes and insights, download the ThreatLocker Zero Trust Endpoint Protection Platform report
NiteshSharma - PeerSpot reviewer
EC
JA
Musah Ibrahim - PeerSpot reviewerreviewer2594715 - PeerSpot reviewer
 

Setup Cost

Cortex XDR pricing is viewed as flexible by some, but others find it expensive, varying by usage and features.
ThreatLocker Zero Trust Platform is praised for reasonable pricing, flexibility, value, and scalability, despite some renewal challenges.
Cortex XDR is perceived as expensive by some customers, yet offers dynamic pricing.
Compared to competitors such as CrowdStrike and Sophos, the pricing of Cortex XDR by Palo Alto Networks is similar to CrowdStrike but more expensive than Sophos.
For more quotes and insights, download the Cortex XDR by Palo Alto Networks report
After conversations with other partners, it became clear we underpriced it initially, which caused most of our issues.
We are moving towards the Unified solution, where they basically bundle everything together, providing us better stability with the ability to bring in new product offerings without having to go back to the customer and say, 'This is going to cost you.'
I had a really good deal at the time, and it continues to be cost-effective.
For more quotes and insights, download the ThreatLocker Zero Trust Endpoint Protection Platform report
EC
NiteshSharma - PeerSpot reviewer
RH
CL
ZK
 

Valuable Features

Cortex XDR offers advanced endpoint security, integration, AI threat analytics, user-friendly interface, scalability, and low resource consumption.
ThreatLocker enhances security with user-friendly features like allowlisting, ring-fencing, selective elevation, and efficient Cyber Hero support.
It incorporates AI for normal behavior detection, distinguishing unusual operations.
The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.
For more quotes and insights, download the Cortex XDR by Palo Alto Networks report
ThreatLocker Zero Trust Endpoint Protection Platform's ability to block access to unauthorized applications has been excellent.
It protects our customers.
The major benefit is fewer breaches overall, as nothing can be run without prior approval. This helps my company protect its data and secure itself effectively.
For more quotes and insights, download the ThreatLocker Zero Trust Endpoint Protection Platform report
EC
NiteshSharma - PeerSpot reviewer
ZK
JV
DL
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Ranking in Endpoint Protection Platform (EPP)
4th
Ranking in Ransomware Protection
2nd
Average Rating
8.4
Reviews Sentiment
7.4
Number of Reviews
90
Ranking in other categories
Extended Detection and Response (XDR) (7th), AI-Powered Cybersecurity Platforms (5th)
ThreatLocker Zero Trust End...
Ranking in Endpoint Protection Platform (EPP)
10th
Ranking in Ransomware Protection
4th
Average Rating
9.2
Reviews Sentiment
7.6
Number of Reviews
39
Ranking in other categories
Network Access Control (NAC) (5th), Advanced Threat Protection (ATP) (7th), Application Control (3rd), ZTNA (6th)
 

Mindshare comparison

As of March 2025, in the Endpoint Protection Platform (EPP) category, the mindshare of Cortex XDR by Palo Alto Networks is 4.0%, down from 5.2% compared to the previous year. The mindshare of ThreatLocker Zero Trust Endpoint Protection Platform is 0.7%, down from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP)
 

Featured Reviews

Mohammad Qaw - PeerSpot reviewer
Perfect correlation and XDR capabilities for network traffic plus endpoint security
The solution should force customers to integrate with network traffic to see the full benefits of XDR. If you are not integrating it or feeding in your network traffic, then you are just buying a normal antivirus which doesn't make any sense. You are paying double the price to use the antivirus feature or to say you have XDR, but in reality you are not using it. The solution should include an on-premises option because some customers want only on-premises. It would be hard, but good to do if possible. Open XDR would be beneficial in the future. Right now, the solution is Closed XDR so cannot communicate with the few new vendors in the Open XDR market.
Read full review
Johnathan Bodily - PeerSpot reviewer
Ensures ransomware protection and reduces phishing chaos
The application control has been great so far, and while I am still exploring the network access controls, I unfortunately don't have access to one module I would love to have due to licensing restrictions. It's easy to use in regard to reducing attack surfaces. For me, it's a piece of cake. We can have something approved within 30 seconds, thanks to the mobile app. We haven't eliminated security solutions. We just add to it, and ThreatLocker has been a great addition. We also have Kaseya and ThreatLocker as a supplement to that. It's useful. They have overlap, and we look at the overlap as a good thing. It's helped your organization save on operational costs or expenses by ensuring that many fewer hours are spent dealing with ransomware nonsense. I cannot count the amount of hours that I personally have not had to put in to recovering an environment from a ransomware event. The last big one took us about three weeks to completely recover from. Since we've grouped ThreatLocker in, the management of that whole setup has gone down to just daily help desk tasks and general server maintenance instead of having the whole system on fire. There are probably thousands of hours of saved time between our teams. It's been great so far. ThreatLocker Zero Trust Endpoint Protection Platform's ability to block access to unauthorized applications is great. It's my biggest protection, the blocked applications. In a lot of cases, you go to install something yourself that you need for management, and it comes in and says, nope. And then I have to log into the portal and approve it. I get our other guys saying, hey, why are you trying to approve something? Any of the tools that I'm using on a day-to-day basis that haven't been in the environment during the whole learning mode initially, I could go through and set extensions and all that. So, while it's a headache on that end, the amount of saved time I can't even count. It is a little frustrating on my end since I like to go as quickly as I possibly can, and it slows me down. However, that's a really good thing. Depending on the site, it can save a lot of time and cut down headaches. It's likely saved a week's worth of time. It's cut down the amount of sever help desk tickets. Those have become minimal.
Read full review
report
See which vendors are best for you
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
See recommendations
842,466 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
9%
Government
8%
Manufacturing Company
7%
Computer Software Company
38%
Retailer
8%
Manufacturing Company
5%
Financial Services Firm
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to...
See all answers
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions that are very scalable, secure, and user-friendly. Cortex XDR by Palo Alto offers ...
See all answers
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
See all answers
What do you like most about ThreatLocker Allowlisting?
The interface is clean and well-organized, making it simple to navigate and find what we need.
See all answers
What is your experience regarding pricing and costs for ThreatLocker Allowlisting?
We have encountered a few challenges regarding pricing, contract renewals, and additions. As we explored adding features like Cyber Hero, it proved to be an increased expense for our clients. This ...
See all answers
What needs improvement with ThreatLocker Allowlisting?
I find that the learning mode is too accessible. Technicians sometimes default to it instead of manually building policy controls. I would prefer the learning mode to be harder to access, ideally h...
See all answers
 

Comparisons

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks Logo
Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks
Compared 12% of the time
CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks Logo
CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks
Compared 7% of the time
Darktrace vs Cortex XDR by Palo Alto Networks Logo
Darktrace vs Cortex XDR by Palo Alto Networks
Compared 6% of the time
Wazuh vs Cortex XDR by Palo Alto Networks Logo
Wazuh vs Cortex XDR by Palo Alto Networks
Compared 5% of the time
Check Point Harmony Endpoint vs Cortex XDR by Palo Alto Networks Logo
Check Point Harmony Endpoint vs Cortex XDR by Palo Alto Networks
Compared 4% of the time
More Cortex XDR by Palo Alto Networks Competitors
SentinelOne Singularity Complete vs ThreatLocker Zero Trust Endpoint Protection Platform Logo
SentinelOne Singularity Complete vs ThreatLocker Zero Trust Endpoint Protection Platform
Compared 26% of the time
Microsoft Defender for Endpoint vs ThreatLocker Zero Trust Endpoint Protection Platform Logo
Microsoft Defender for Endpoint vs ThreatLocker Zero Trust Endpoint Protection Platform
Compared 20% of the time
CrowdStrike Falcon vs ThreatLocker Zero Trust Endpoint Protection Platform Logo
CrowdStrike Falcon vs ThreatLocker Zero Trust Endpoint Protection Platform
Compared 18% of the time
VMware Carbon Black Endpoint vs ThreatLocker Zero Trust Endpoint Protection Platform Logo
VMware Carbon Black Endpoint vs ThreatLocker Zero Trust Endpoint Protection Platform
Compared 5% of the time
Fortinet FortiClient vs ThreatLocker Zero Trust Endpoint Protection Platform Logo
Fortinet FortiClient vs ThreatLocker Zero Trust Endpoint Protection Platform
Compared 3% of the time
More ThreatLocker Zero Trust Endpoint Protection Platform Competitors
 

Product Reports

Buyer's Guide
Cortex XDR by Palo Alto Networks
March 2025
Cortex XDR by Palo Alto Networks reportDownload Cortex XDR by Palo Alto Networks product report
Buyer's Guide
ThreatLocker Zero Trust Endpoint Protection Platform
March 2025
ThreatLocker Zero Trust Endpoint Protection Platform reportDownload ThreatLocker Zero Trust Endpoint Protection Platform product report
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Protect, Allowlisting, Network Control, Ringfencing
 

Overview

Cortex XDR by Palo Alto Networks delivers comprehensive endpoint security, integrating well with other systems to offer robust threat detection and real-time protection through AI-driven analytics.

Cortex XDR by Palo Alto Networks offers advanced endpoint protection and threat detection through AI and behavior-based analytics. Its user-friendly design simplifies integration with firewalls, delivering multi-layered protection with low resource consumption. Valued for policy management, USB control, and incident correlation, Cortex XDR enhances threat management and real-time threat hunting capabilities. However, users note challenges with third-party integration, reporting, and dashboard automation. Agent performance across operating systems and memory consumption are areas for improvement, alongside reducing false positives and simplifying endpoint management and setup.

What features does Cortex XDR offer?
  • Behavior-Based Detection: Analyzes user behavior to identify suspicious activities.
  • AI Analytics: Utilizes AI for accurate threat detection and response.
  • Real-Time Protection: Provides immediate defense against threats.
  • Policy Management: Allows customization of security policies across endpoints.
  • USB Control: Regulates USB device access for added security.
  • Incident Correlation: Connects and analyzes various security events for better response.
  • Firewall Integration: Seamlessly works with firewalls for enhanced security.
  • Machine Learning Capabilities: Continuously improves threat detection precision.
What benefits should be considered in reviews?
  • Low Resource Consumption: Efficient security functions without taxing system resources.
  • Multi-Layered Protection: Comprehensive security across multiple attack vectors.
  • User-Friendly Interface: Intuitive design for easier management.
  • Enhanced Threat Management: Identifies and mitigates threats effectively.
  • Real-Time Threat Hunting: Proactively searches for and mitigates potential threats.

Cortex XDR is crucial in industries requiring robust endpoint protection, such as finance, healthcare, and technology. It supports malware detection, behavioral analysis, and ransomware mitigation across endpoints, including remote work environments, providing comprehensive threat visibility and security policy management. The solution's integration with firewalls and specialized industry requirements enhances security posture in diverse operational settings.

Palo Alto Networks

ThreatLocker Zero Trust Endpoint Protection Platform offers robust endpoint security through application control and allowlisting, safeguarding servers and workstations from unauthorized software execution.

ThreatLocker Zero Trust Endpoint Protection Platform provides extensive application control with features like ring-fencing and selective elevation, ensuring meticulous execution management. Offering learning mode and extensive support, it integrates threat detection and activity monitoring to enhance compliance, reduce costs, and bolster cybersecurity through alerts and approvals. Despite its strengths, there are areas for improvement in training flexibility, policy updates, and interface enhancements, along with challenges in handling non-digitally signed software. Deployed across environments, it works well with existing cybersecurity instruments for real-time threat prevention.

What are the top features of ThreatLocker?
  • Intuitive Interface: User-friendly design simplifies endpoint protection management.
  • Application Blocking: Prevents unauthorized applications from running.
  • Selective Elevation: Grants control over application permissions.
  • Ring-Fencing: Isolates applications to limit interactions.
  • Allowlisting: Ensures only trusted software can execute.
  • Learning Mode: Facilitates configuration by observing user behavior.
  • Real-Time Support: Access to assistance and training resources.
What benefits should reviewers seek?
  • Compliance: Meets regulatory standards.
  • Operational Cost Reduction: Consolidated alerts and approvals.
  • Enhanced Cybersecurity: Prevention of unauthorized applications.
  • Regulatory Alignment: Helps ensure adherence to legal requirements.

ThreatLocker Zero Trust Endpoint Protection Platform is widely implemented to safeguard IT infrastructures against unauthorized access and application use. In sectors where data security is paramount, this platform enables users to prevent unauthorized software installations and control device applications, ensuring real-time threat prevention and compliance with industry regulations.

ThreatLocker
 

Sample Customers

CBI Health Group, University Honda, VakifBank
Information Not Available
Buyer's Guide
Cortex XDR by Palo Alto Networks vs. ThreatLocker Zero Trust Endpoint Protection Platform
February 2025
Free Report: Cortex XDR by Palo Alto Networks vs. ThreatLocker Zero Trust Endpoint Protection Platform
Find out what your peers are saying about Cortex XDR by Palo Alto Networks vs. ThreatLocker Zero Trust Endpoint Protection Platform and other solutions. Updated: February 2025.
DOWNLOAD NOW
842,466 professionals have used our research since 2012.
See our Cortex XDR by Palo Alto Networks vs. ThreatLocker Zero Trust Endpoint Protection Platform report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Ransomware Protection vendors.

We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.